UK national security screening of commercial transactions: fundamental reform on the way2 August 2018

Introduction

The UK Government is seeking much greater power to use national security concerns to intervene in many more commercial transactions than today. New primary legislation will be needed to give effect to the proposals in the Government’s 24 July White Paper, “National Security and Investment: A consultation on proposed legislative reforms”, which is out for consultation until 16 October 2018.1 The timing of new law is not yet clear but it will likely be 2019 at the earliest, whether before or after the date of the UK’s scheduled exit from the EU.

Among governments worldwide, the UK is not alone – but equally it is not first – in responding to what it sees as the challenges of hostile state activity, technological developments and economic changes. The consultation2 notes Germany, Japan and Australia have already reformed their particular systems, and the EU is introducing its own framework regulation within which Member States may screen foreign direct investments in the EU.3 Our November 2017 briefing4 discussed the application of the Canadian, Australian and New Zealand regimes to critical energy infrastructure.

The particular challenge for the UK now will be legislating to achieve its national security objectives at the same time Brexit is redefining the UK’s entire relationship with the EU on a more distant basis: the UK is set to become a “third country” outside the EU, such that investments between the UK and the EU could in principle be subjected to public policy – based review.

This briefing is particularly relevant for businesses in these sectors:

• Core areas of the economy:
• Certain national infrastructure sectors – civil nuclear, communications, defence, energy and transport;
• Some advanced technologies – advanced materials and manufacturing science; artificial intelligence and machine learning; autonomous robotic systems; computing hardware; cryptographic technology;  nanotechnologies;  networking  and data communication; quantum technology; and synthetic biology;
• Critical direct suppliers to the Government and emergency services sectors – a critical direct supplier will be defined by considering, first, whether the supplier directly provides goods or services to the Government and/or emergency services; secondly, whether the supplier directly provide critical goods or services i.e. those intrinsic to the delivery of the Government and emergency services sectors; and thirdly, whether there are alternative suppliers that can be put in place quickly; and
• Military or dual – use technologies – arms, military and paramilitary equipment and equipment that can have both military and civilian
• Other key parts of the economy:
• Critical suppliers who directly and indirectly supply the core areas – defined using similar criteria as for suppliers to the Government and emergency services sectors;
• Other national infrastructure is not in the core areas – chemicals; emergency services; finance; food; government; health; space; and water; and
• Other advanced technologies not in the core

Less commonly, other parts of the economy not covered above may also be subject to intervention.

For the core areas, the Government has set out more details of what is and is not considered to be “core.”5 For the energy sector in particular, the following are considered to be core: significant upstream petroleum infrastructure, energy networks (electricity and gas), gas and electricity interconnectors, long-range gas storage and Gas Reception Terminals including LNG; large scale power generation greater than 2GW, energy suppliers providing energy to significant customer bases and the supply of petroleum-based road, aviation or heating fuels (including LPG) to the UK market. For reference, we reproduce in full the Energy section of the policy document in the Appendix to this Briefing for reference.

The transport core areas are limited to: the ownership and operation of statutory harbour authorities accounting for more than 5% of UK traffic, the operation of airports classed as dominant airports for economic regulation purposes (currently only Heathrow and Gatwick), and the provision of en route air traffic control services.

The proposed reforms will require more businesses than now to consider the national security implications of proposed mergers, investment or other activities and may involve a significant number of such transactions being reviewed by the Government,6 with a proportion of these being subject to formal intervention to mitigate national security risks. The regime will sit separately from UK merger control.

Proposed legal basis for Government national security intervention in commercial transactions

The Government’s proposed power to intervene requires that both limbs of the following test be met:

• reasonable grounds for suspecting that it is, or may be, the case that a trigger event has occurred or is in progress or contemplation; and
• a reasonable suspicion the trigger event may give rise to a risk to national security owing to the nature of the activities of the entity, or the nature of the asset7, to which the trigger event

The proposed powers will allow a Senior Minister8 to “call – in” for a national security review, a wide range of those economic events classed as “trigger events” that raise national security concerns.

Which economic events will count as “trigger events”?

The Government proposes the following:

• the acquisition of more than 25% of shares or votes in an entity;
• the acquisition of significant influence or control over an entity;
• the acquisition of further significant influence or control over an entity beyond the above thresholds;
• the acquisition of more than 50% of an asset; and
• the acquisition of significant influence or control over an

In brief, “significant influence or control” for entities would be indicated when a person can direct the activities of an entity or can ensure an entity generally

undertakes or performs the activities which they desire. For assets, it would be indicated when a person has absolute decision rights over the operation of an asset or can ensure the asset has been operated in the way they desire. This would result in the person being able to use, alter, destroy or manipulate the asset.

The range of economic events constituting a “trigger event” overlaps with the test in the UK merger control regime in the Enterprise Act 2002, namely “enterprises ceasing to be distinct” but is – and is intended to be – much broader than the merger control test. The Government’s policy intent is to make it difficult for parties to design transactions to avoid national security review. Consequently, it proposes to include the acquisition of control over assets as a trigger event. This would include, according to the Government’s examples:

• acquiring ownership of the servers of a business that provides services to a defence contractor;
• acquiring control over the intellectual property of code on which data servers operate for the benefit of an energy provider;
• buying land adjacent to or overlooking a national infrastructure site or a sensitive government facility; and
• acquiring assets physically located outside the UK including both physical assets and intellectual property rights where these are key to the provision of critical functions within the UK.

The Government also describes what it considers are the very rare situations where a loan may constitute a trigger event, although it is quick to emphasise that the overwhelming majority of loans raise no national security concerns.

The Government also describes how trigger events may occur unintentionally – for example, through the actions of others – in such cases may still be subject to the call– in power.

When might the Senior Minister call in a trigger event?

A trigger event may be called in following an assessment of the national security risk, which in turn requires three risk factors to be considered:

• target risk – the entity or asset subject to the trigger event could be used to undermine UK national security;
• the trigger event risk – the trigger event gives someone the means to use the entity or asset in this manner; and
• the acquirer risk – the person acquiring control over the target has the potential to use this to undermine national

What is the role of transaction parties in national security cases? The Government encourages parties to notify their trigger events which they consider may be of national security interest, either based on Government guidance or otherwise. Note, however, it has decided – after consultation – not to impose a mandatory notification requirement. If the parties do not notify a trigger event, the Government may give itself the power to intervene up to six months after the event. In support of this power, the Government has indicated it will increase the resources dedicated to market monitoring and invest in the tools and systems necessary.

Therefore, businesses contemplating transactions with potential national security implications will need to consider at an early stage how they choose to engage with the Government, including as necessary preparing a voluntary notification and factoring in the risk of a national security assessment limiting the scope of the transaction or delaying its completion.

Where the parties choose to pre – notify, the Senior Minister screens the notification for a period of up to 15 working days, which can be extended by another 15 working days.

If the Senior Minister calls in the trigger event for a national security assessment, such assessment would take up to 30 working days, extendable for a further 45 working days. A further extension is possible if the parties agree, and the clock can be paused while the Government awaits a response to its information requests.

Following a national security assessment, the Senior Minister can either confirm no further action will be taken, or may impose remedies on the trigger event. These may include the power to prevent the trigger event from taking place or unwinding a trigger event that has already completed. Decisions of the Senior Minister will be capable of challenge in the High Court under judicial review principles.

The Government proposes a series of powers backed up by very considerable criminal and civil penalties9 to ensure it can intervene effectively. For example, where the Government calls in a trigger event, the parties may not complete the transaction. Where a trigger event has already taken place, the Government would wish to impose ‘interim restrictions’ where it had reasonable grounds for suspecting there would be a risk to national security if such restrictions were not imposed, and the specific interim restrictions were reasonably necessary to protect national security while the Government considered the trigger event.

The overlap with UK merger control and the transition to the proposed new regime

The proposed new regime will sit apart from UK merger control. Transactions constituting “merger situations” under the Enterprise Act 2002 may also be “trigger events”, therefore parties may need to consider two separate – albeit voluntary – notifications: one to the Competition and Markets Authority for a competition assessment, and one to the Government for a national security assessment, operating under different timetables, with different routes of appeal.

This contrasts with present law in two respects:

1. The Government can today intervene only in merger situations giving rise to national security concerns. The Government changed the law with effect from 11 June 2018 so that transactions involving the development or production of items for military or military and civilian use, or the design and maintenance of aspects of computing hardware, or the development and production of quantum technology may be subject to intervention on national security grounds. The national security assessment can be triggered only by the jurisdictional requirement underpinning a competition assessment in the defined sectors. By contrast, the proposed national security regime attaches to “trigger events” which are defined more broadly than merger situations and which cover potentially all sectors of the economy, and which apply independently of the necessity of any competition assessment.
2. Secondly, under current merger control law, the Government may intervene in merger situations in the above sectors only where specific thresholds are met. As amended in June 2018, these thresholds have been lowered so that intervention can take place where the target business has a UK turnover over £1m and either the existing share of supply test must be met (25% share created or enhanced), or the target must have a share of supply of 25% or more of relevant goods or services in the By contrast, the proposed national security regime does not have an objectively measurable criterion allowing for intervention; instead, the Senior Minister must assess the national security risk based on the risk factors discussed above: target risk, trigger event risk and acquirer risk.

The Government has stated it will repeal its June 2018 national security changes to UK merger control rules when the proposed national security regime comes into effect. This means UK merger control will no longer permit Government intervention on national security grounds.

The Government has recognised the proposed regime will also need to sit alongside other regulatory regimes. The EU is also proposing its own foreign direct investment screening regulation which will directly apply in the UK for so long as the UK remains an EU Member State including to the end of any transitional or “implementation” period after the UK withdraws. After withdrawal, the effect of such EU Regulation in the UK – if any – will depend on the emerging UK –EU relationship.

Conclusion

The proposed new regime for reviewing national security would give the Government significant and flexible powers of intervention, backed by a strong penalties system, across a far wider range of transactions throughout the economy, but particularly focussed on core sectors.

The proposals – including the draft statement of policy intent – remain open for consultation until 16 October 2018. After this, there is likely to be little chance to influence the overall architecture of the system or much of its detailed operation. Therefore, if the nature of your business and your assets, and the transactions you are likely to engage in, could lead to target risk, trigger event risk or acquirer risk, you should consider responding to this consultation now.

This article was authored by Jeremy Robinson, a former regulatory partner in our London office.

1 This consultation is accompanied by a consultation on the Draft National Statement of Policy Intent, which provides further details on the operation of the proposed regime. See: https://www.gov.uk/government/consultations/national-security-and-investment-proposed-reforms.

2 Paragraph 1.23

3 For the EU proposal of 13 September 2017, see: https://eur-lex.europa.eu/resource.html?uri=cellar:cf655d2a-9858-11e7-b92d- 01aa75ed71a1.0001.02/DOC_1&format=PDF

4 https://www.wfw.com/wp-content/uploads/2017/11/WFWBriefing-CriticalEnergyInfrastructure.pdf

5 Draft Statutory Statement of Policy Intent, Annex A – The Core Areas

6 The Government has estimated there will be perhaps 200 notifications made on national security grounds each year of which maybe half will raise national security concerns and one quarter will be subject to a full national security assessment. See paragraphs 20 to 24 of the consultation document.

7 If the asset is land, this will be the nature of or the location of the land.

8 This would be defined to include Secretaries of State, the Chancellor of the Exchequer and the Prime Minister.

9 Maximum criminal penalties of unlimited fines or imprisonment of up to five years for breach of core obligations imposed on parties. Lower penalties would apply for failures to comply with some information-gathering powers where the consequences of non-compliance are considered to be lower risk to national security – here, the maximum term of imprisonment on indictment would be up to two years. Civil financial penalties may also be considerable: for breaches other than those related to the failure to provide information the maximum financial penalty for a business can be up to 10% of worldwide turnover, or for an individual up to 10% of total income or £500,000, whichever is higher. For offences committed in relation to the failure to provide information the maximum civil penalty will be a maximum one-off fine for a business or individual of up to £30,000, or a maximum daily fine for a business or an individual of up to £15,000. In addition, the Government will also have the power to apply to disqualified directors for up to 15 years, independently of or in addition to criminal or civil sanctions.